Free tools and resources for Data Protection Officers!

Tag Archives for " GDPR "

New European Union Financial Rules to Give U.S. Consumers Protection as Well

Thanks to new set of regulations in the European Union, customers of U.S. financial institutions – banks, credit-card companies and insurance companies – soon will enjoy better protection of their personal data.

The General Data Protection Regulation (“GDPR”) will force companies to be more transparent about the type of data they collect on individuals, how that data is used and when personal information is exposed in a breach.

GDPR takes effect in May 2018 and will apply to all companies that process data on EU citizens, even if they are located outside EU. It is also expected that large multinational companies, including financial institutions, operating in multiple jurisdictions will adopt single set of rules throughout their operations, rather than try to enforce multiple sets of rules across locations.

Source: New European Union Financial Rules to Give U.S. Consumers Protection as Well

Preparing to Comply with the GDPR: Start Now, Plan to Invest

In May of 2018, Europe’s General Data Protection Regulation (“GDPR”) will take effect throughout the European Union. GDPR will set data protection standards for the EU and brings with it significant consequences for companies in EU or those who has business there. To understand the risk exposure, companies are currently in the process of assessing their compliance with the upcoming regulation in light of the potential maximum exposure.

Source: Preparing to Comply with the GDPR: Start Now, Plan to Invest

Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

Article 29 Working Party has published draft guidance on data protection impact assessments (DPIA). Its full text of is available on the Working Party’s website. Comments to draft guidance can be submitted by 23 May 2017.

Source: Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

Privacy watchdog: businesses that demand personal data in return for services run foul of new EU data protection laws

In his opinion on ePrivacy Regulation, European Data Protection Supervisor Giovanni Buttarelli indicated that businesses that require consumers to provide data about themselves in return for access to their services they offer will not have valid consent to process that information under GDPR.

Source: Privacy watchdog: businesses that demand personal data in return for services run foul of new EU data protection laws

European Commission, experts uneasy over WP29 data portability interpretation

The European Commission has written to EU privacy regulators to express concern over their interpretation of the data portability clause in the General Data Protection Regulation.

Specifically, the Commission appears to be worried that the regulators have interpreted too broad a scope for the GDPR’s Article 20. The Article 29 Working Party (WP29), the group that represents EU privacy regulators, issued guidelines earlier this month in which it said “the right to data portability covers data provided knowingly and actively by the data subject as well as the personal data generated by his or her activity.”

Source: European Commission, experts uneasy over WP29 data portability interpretation

Watchdog queries scope of rules on ‘profiling’ under the GDPR

The Information Commissioner’s Office (ICO) has identified an anomaly between the definition of profiling in the GDPR and how profiling is described in other parts of the Regulation. The ICO has published its findings in a new discussion paper (28-page / 390KB PDF).

Source: Watchdog queries scope of rules on ‘profiling’ under the GDPR

German DPA Publishes English Translation of Standard Data Protection Model

On April 13, 2017, the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information published an English translation of the draft Standard Data Protection Model (“SDM”). The SDM was adopted in November 2016 at the Conference of the Federal and State Data Protection Commissioners.

Source: German DPA Publishes English Translation of Standard Data Protection Model : : Privacy & Information Security Law Blog

Germany: DPAs try and find “common and practical approach” with Standard Data Protection Model

The German Federal and State Commissioners (‘the Commissioners’) released, on 14 April 2017, a Standard Data Protection Model (‘SDP Model’), which analyses the interrelation between the legal requirements regarding data processing and the selection and implementation of technical and organisational data protection measures, under existing German law and the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).

Source: Germany: DPAs try and find “common and practical approach” with Standard Data Protection Model

Is Data Protection Law Growing Teeth? The Current Lack of Sanctions in Data Protection Law and Administrative Fines under the GDPR

This article looks at the current lack of enforcement and sanctions in European Data Protection Law with a particular focus on administrative fines. It identifies reasons for the existing deficits in European Data Protection Law and analyses the potential of the new rules of the General Data Protection Regulation (GDPR) to compensate for those deficits. The article argues that the practical application of the new rules and the coordination of Data Protection Authorities (DPAs) in all member states of the EU are the key to more efficient sanctioning and enforcement through administrative fines.

Source: Is Data Protection Law Growing Teeth? The Current Lack of Sanctions in Data Protection Law and Administrative Fines under the GDPR

Regulators Comment on Proposed ePrivacy Law Reforms

Things move fast in the world of privacy and data protection. Recently, the collective group of EU data protection authorities, the Article 29 Working Party (“WP29”), has been particularly active. In addition to publishing guidelines and launching consultations regarding the General Data Protection Regulation (“GDPR”), WP29 also released its views on the proposed ePrivacy law reforms, which legislators are aiming to coincide with the commencement of the GDPR. We examine the views of WP29.

Source: Regulators Comment on Proposed ePrivacy Law Reforms

1 91 92 93
>